I'm developing a small application which involves SQL Server and VB for the front end. My tables have a timestamp as one of the columns. When I write a query directly in SQL, the timestamp field can be skipped. But when the query is written within the VB app, the query returns an error: NOT ENOUGH ARGUMENTS SUPPLIED!!
Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
    com.ConnectionString = "server=.\sqlexpress;Database=mjjsj1;trusted_connection=True;"
    If TextBox1.Text <> "" And TextBox2.Text <> "" And TextBox3.Text <> "" Then
        cmd = New SqlCommand("insert into BACHELI values(" + TextBox2.Text + "," + TextBox5.Text + "," + TextBox8.Text + ")", com)
    End If
End Sub

Posted 24-Aug-12 21:22pm
Edited 24-Aug-12 22:52pm
Mehdi Gholam 25-Aug-12 2:43am
Show your code.
Sharath2790 25-Aug-12 3:03am
Mehdi Gholam
I've updated the question.

1 solution


Solution 1

Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead - it will almost certainly cure your problem at the same time!

cmd = New SqlCommand("INSERT INTO Bacheli (mycolumn1, mycolumn2, myColumn3) VALUES (@T1, @T2, @T3)", com)
cmd.Parameters.AddWithValue("@T1", TextBox2.Text)
cmd.Parameters.AddWithValue("@T2", TextBox5.Text)
cmd.Parameters.AddWithValue("@T3", TextBox8.Text)
You will need to rename "mycolumn1" etc. to match your columns, and it would be a good idea to rename the parameters "@T1" and so on to something more sensible as well.

While we are on the subject, stop taking VS defaults for names - you may remember today what "TextBox8" holds, but when you come back to make changes in a week's time? Or next month? Always use sensible names instead that describe what it is used for.
Sharath2790 20-Oct-12 1:45am
This method can be used in C#????
OriginalGriff 20-Oct-12 2:31am
Yes - and should. Just replace the "New" with "new" and add semicolons to the end of each line:
cmd = new SqlCommand("INSERT INTO Bacheli (mycolumn1, mycolumn2, myColumn3) VALUES (@T1, @T2, @T3)", com);
cmd.Parameters.AddWithValue("@T1", TextBox2.Text);
cmd.Parameters.AddWithValue("@T2", TextBox5.Text);
cmd.Parameters.AddWithValue("@T3", TextBox8.Text);
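
A fuller version of the parameterized insert from Solution 1, as an added example that is not part of the original answer: it names the target columns so the timestamp column is left for SQL Server to generate, uses typed parameters, and opens the connection and executes the command. The column names, types and sizes and the InsertRow helper are assumptions; substitute the real BACHELI schema.

```vb
Imports System.Data
Imports System.Data.SqlClient

Module BacheliInsert
    ' Hypothetical column names: replace with the real BACHELI columns.
    ' The timestamp column is deliberately not listed; SQL Server fills it in.
    Private Const InsertSql As String = _
        "INSERT INTO BACHELI (ItemName, Quantity, Remarks) " & _
        "VALUES (@ItemName, @Quantity, @Remarks)"

    ' Returns the number of rows inserted (1 on success).
    Function InsertRow(ByVal connectionString As String, _
                       ByVal itemName As String, _
                       ByVal quantityText As String, _
                       ByVal remarks As String) As Integer
        ' Reject empty or non-numeric input before it reaches the database.
        If String.IsNullOrEmpty(itemName) Then
            Throw New ArgumentException("Item name is required.", "itemName")
        End If
        Dim quantity As Integer
        If Not Integer.TryParse(quantityText, quantity) Then
            Throw New ArgumentException("Quantity must be a whole number.", "quantityText")
        End If

        Using con As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(InsertSql, con)
                ' Typed parameters (assumed types and sizes): the values travel
                ' separately from the SQL text, so quotes or SQL keywords typed
                ' into a text box are stored as data and never parsed as SQL.
                cmd.Parameters.Add("@ItemName", SqlDbType.NVarChar, 50).Value = itemName
                cmd.Parameters.Add("@Quantity", SqlDbType.Int).Value = quantity
                cmd.Parameters.Add("@Remarks", SqlDbType.NVarChar, 200).Value = remarks

                con.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Module
```

From the button handler this would be called as InsertRow(connectionString, TextBox2.Text, TextBox5.Text, TextBox8.Text), with the Using blocks closing the connection even if the insert throws.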

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 25 Aug 2012